BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

New eEye Zero-Day Tracker Site is Up!

Posted September 22, 2010    Marc Maiffret

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability.

The ZDT is also an important tool to hold technology companies accountable. eEye has long believed that we are not only striving to provide IT folks the best Vulnerability Management solutions to combat vulnerabilities within their own organizations, but also that we must all work as a community to hold technology companies accountable for the timely and responsible fixing of security vulnerabilities.

As you’ll see on the eEye ZDT website, the number of Zero-Day vulnerabilities is certainly not slowing down. Maybe even more disconcerting is the fact that some vulnerabilities in the list have been known for months – a stark reminder that some technology companies will simply leave Zero-Day vulnerabilities unpatched for a period of time.

In addition to the dramatic increase in Zero-Day vulnerabilities, we’re also seeing an increase in the usage of Zero-Day vulnerabilities within common widespread cybercrime attacks rather than the norm of silent targeted attacks. These trends should serve as a reminder that in order to effectively secure your organization in today’s threat landscape, you must operate under the assumption that there are unpatched vulnerabilities that can affect your organization. It’s critical to ask yourself honestly if you’ve implemented technologies, configurations, and processes that go above and beyond the reactive security of traditional anti-virus, firewall, and intrusion detection technologies.

I personally invite you to take advantage of this newly launched service from the eEye Research Team. Please use it not only as a resource for yourself, but also as a shared tool to collectively hold technology companies accountable. At eEye, we’ve seen firsthand the power of the IT Security community to change the culture of security even at a company as large as Microsoft. So, in an effort to work together, please send us an email at research@eeye.com, if you know of a current or previously patched Zero-Day that’s not listed on our ZDT website. We will be sure to add it.

Look for more resources and tools from us over the coming months, as we continue to push for accountability across all technology companies. Let’s work to establish a new standard where they put security first and features second.

Tags:
, , , ,

Leave a Reply

Additional articles

powerbroker-for-mac-diagram-small

PowerBroker for Mac: A Least-Privileged Apple a Day…

Posted July 27, 2015    Jason Silva

BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Tags:
, ,
PrivilegedAccountManagement

On Demand Webinar – Now is the time for Privileged Account Management

Posted July 24, 2015    BeyondTrust Software

In this webinar, SANS Instructor and Founder of Voodoo Security, Dave Shackleford, will revisit several hacking and breach scenarios that involved privileged accounts, and use these as examples while discussing tools and tactics to get this problem under control once and for all.

Tags:
, ,
dave-shackleford-headshot

Privileged Account Management: The Time is Now

Posted July 22, 2015    Dave Shackleford

There’s plenty of problems we don’t have great options for in InfoSec today. Malware is a pain point that keeps evolving rapidly. 0-day exploits are tough to prepare for. Privileged account management? We got this. We know the root causes, we know how it manifests, we know how to get it under control effectively, and there are great technology solutions that are enterprise-class.

Tags:
, ,